Privacy and Internet Commerce

C

anadians (and people generally) can still be very reluctant to share their personal information online. A recent website delivered by The AppRefactory — the Edgewater Tenants’ Community Website — has been off to something of a slow start with the administration fielding questions about why an end-user’s address is needed as part of the signup process. This is done with the awareness and limited support from the property management company that acts as the landlord which has data about every tenant’s address, yet that same information is not so readily volunteered when it takes digital form. The information in this case is used to simply verify that an end-user signup request is for a tenant as opposed to some random user from the Internet; in order to ensure that any information a tenant elects to access or share on the site is kept within the tenant community only. As such it is a measure intended to protect tenant privacy, but there can still be reluctance about sharing it.

This is just an example of how users have adapted over the years to safeguard their privacy. Yet now the police want measures taken by Internet Service Providers (ISPs) to circumvent privacy to such a degree that they will never again be aware of who exactly has access to their information. (We saw in another article posted this past week how police could access computer records without appropriate authorization or authority.) And should police officers once again demonstrate how human they can be and make a mistake, suddenly the information they’ve been entrusted with is available to parties unknown.

Such cases, once known to the public (as they will tend to be, thanks to our free press), could easily put end-users further on the defensive about their information. And, despite poll results suggesting some support for increased police powers, there remains the likelihood the average person in Canada (which, historically, tends to be a person that trusts police authority) hasn’t thought the issue through very thoroughly and certainly not technically. The regime Canadians will be confronted with, whatever their decision about the powers police should have online, could easily be one business is less well-able to thrive in and would find it harder to operate in without being less able to solicit end-user consent and confidence meaningfully.

And they wouldn’t know it until it really was too late.

New Powers Add Onerous Burdens on All Business (Not Just ISPs)

T

he legislation in the UK does not specifically distinguish nor give license to ISPs to operate or grant any special legal distinction to them apart from providers of Internet-facing services generally. As such it would seem to stand as a matter of law that anyone providing Internet-facing services could be compelled to maintain logs concerning end-user activity. From a technical perspective, the law wouldn’t be all that meaningful if it couldn’t extend, for example, to providers of Virtual Private Network (VPN) services which are frequently used to both secure corporate communications online as well as anonymize network access to BitTorrent media sharing sites or “Deep Web” network traffic.

So the law must apply to businesses using the Internet equally (or at least be seen to apply as such). And how will the small business be impacted when they’re suddenly required to maintain a database documenting (as the RCMP want) up to two years of end-user activity? One approach we could use would be to use Microsoft Azure’s service calculator to take a service that uses a very modest 5GB of data monthly to track data transfer activity for a service, numbering just 10,000 transactions. Without any service connections, charging just for the storage of table-based data only, we get an added cost of $409.00 per month, including a $364.00 Standard Support feature on local redundancy only. (Nothing could immediately be found on legislative requirements for backing up this data, but a vendor support feature seemed logical to imagine in this scenario.) That’s a not-so-inconsiderable $4,900 per year and is getting pricey for the average small business.

Now if you run a big business, things get interesting: scaled up to 5TB of data and 1 million transactions, the costs at the same level of support (with local redundancy only) balloon out to $5,223.68 per month or a whopping $62,684.16 per year.

These costs are certainly something to consider when it comes to determining who is paying for all this extra monitoring. One thing is clear, it won’t be coming out of the RCMP’s budget!

And although this is the costs according to one vendor, it is an industry leader in a space oft-credited with reducing the costs associated with maintaining large warehouses of data (a main selling point behind “the cloud” movement). One shudders to think how much more onerous these costs could become if one is required by law to maintain hardware and software of their own, in a facility that is solely under their own control.

Final Analysis: Restrain Police Powers Online

W

ith passage of the UK legislation this past week, the Government of Canada may be best-advised to stay the course for now and weigh its options again at a later date if it chooses. While I suspect both in the wake of Brexit and their now police powers law (called the “Investigatory Powers Bill”) will lead the UK (and England in particular) into a self-made socio-economic crisis, there remains the question as to what exactly the impact of their measures will have. The opportunity here isn’t to regulate early and hopefully stop child sexual abuse — a cause I’m very sympathetic to and have even had occasion to assist police with. Rather, it’s to gain the wisdom about whether the impacts of these measures will simply drive it further underground or make a meaningful difference (as opposed to being an issue cited simply as a political red herring to grant powers that will be used for other purposes). To discover whether the economic impact is too burdensome. And to learn comprehensively if there will be the promised ‘greater good’ worthy of the limits a free and democratic society — a just society — places on itself and its citizens.

roperty Management Application(currently code-named Project “ARTeRMis”) moved a step closer to delivery of a much larger property management tool based on Microsoft SharePoint today with publication of one of the trial components: “Edgewater“. This component is simply an amalgamation of a number of different elements native to SharePoint, but hosted in the Office 365 environment and is setup to product test the suitability of them for inclusion in the TRM (Tenant Relationship Manager) application delivery going forward.

Artermis will ultimately be heavily dependent on Office 365, SharePoint and ASP.NET MVC when it ships; currently forecast for initial delivery sometime in 2017.

ata use in violation of Facebook’s licensing agreement for developers has prompted the company to intervene to halt distribution of an insurance industry app that would have used end-user data (shared by consent) to track social media behaviour and qualify some for discounts on insurance rates. Facebook claims it has a policy to prohibit such use — but the move raises questions around privacy and whether or not Facebook acted in its own interests; possibly masking a hidden intent to mentize similar apps later itself. Regardless, one consequence is likely: nothing stops an app developer from not disclosing the true intent behind acquiring user data nor even offering a misleading or untrue rationale for data capture. This could simply mean England’s “Admiral Insurance” is last case of this kind we hear about.

For more information, see the attached segment from Canada’s CBC News:

Visit the CBC website for video coverage at either of the following links:

fter 3+ years hosted at Weebly.com, it was time to finally take The AppRefactory Inc. company website into a modern hosting environment with features and integration potential that would allow us to demonstrate, albeit in brief, what ASP.NET MVC could offer. Dynamic product listings with breadcrumb sub-navigation, upload sections for partner contracts and résumés; and database-driven contact forms that make it easier than ever (and convenient) to stay in touch are all just the beginning. In the days ahead we still expect to add:

ue to certain issues with the “free” WordPress/IIS host I’d previously been using on and off for the past couple of years, I’ve ended my experimental hosting experience and returned here after all. A couple of minor articles were deleted — but nothing too critical.

So I’ll resume in the weeks ahead posting here on articles of interest mostly to me, but perhaps to some of you out there as well. 😉 Hope the summer is going well for all!

ust a quick advisory to everyone concerning this blog — WE’VE MOVED!!! That’s right; as of today (October 2, 2014), The Ross Report is relocating to its new home at a new hosting provider. So don’t think for a second I’m disappearing anywhere…on the contrary. The new address is a migration off of the old wordpress.com site address because a new environment that is more in-line with the growing in-house architecture of The AppRefactory Inc. (the business I’m running) has become available. The new server also offers all the advantages that go with running one’s own WordPress.org application (PHP) server….which is to say absent all the limitations imposed on users of WordPress.com‘s space. More detailed analytics and the option to tie-into a whole bunch more apps and plug-ins are also now available and will facilitate some forthcoming development exercises in the weeks and (more accurately) months ahead.

Like this:

Sharing Icons

Support this author…

Maintaining a blog site like this takes a commitment of time to write and update material. Although I enjoy it, this commitment detracts from other activities I am involved with, through which I support myself. Your donations encourage me to stay on track, committed as a writer covering those topics which are of interest to you.

The Eclipse foundation recently released MicroProfile 2.2, helping developers to create microservices on top of EE 8. This release comes at the same time that Eclipse is taking over as steward of Java EE and rebranding it to Jakarta EE. By Erik Costlow

This panelists discuss the changes society has seen since the advent of social media and how they're building the next generation of software tools to protect against online harassment. By Leigh Honeywell, Danielle Leong, Sri Ponnada, Kat Fukui

Joy Gao talks about how database streaming is essential to WePay's infrastructure and the many functions that database streaming serves. She provides information on how the database streaming infrastructure was created & managed so that others can leverage their work to develop their own database streaming solutions. She goes over challenges faced w […]

An overview of how the InfoQ editorial team sees the "cloud" and "DevOps" topics evolving in 2019, which focuses on platforms and practices that are being de facto standards and emerging technologies. By Chris Swan, Daniel Bryant, Steffen Opel, Helen Beal, Manuel Pais

Amazon has added another set of new threat detections to its GuardDuty service in AWS. The three new threat detections are two new penetration testing detections and one policy violation detection. By Steef-Jan Wiggers

I think we’ve established there is a bit of a stereotype for men here... but there’s gonna be a stereo type for the other side too (women) cause that’s just how it works. Just because there’s a gender in the name, doesn’t mean other genders aren’t welcome, which is the case here.

Well you are welcome to fly with us if you want to be a part of the squadron - actually winging up with other players is not mandatory, you can still stick to solo but be part of our group if you like :) - o7

Well Chaps it's been a while but we're back. Running like the Thargoids are chasing us to catch back up with #DW2 tonight from 8pm UTC in @EliteDangerous over @Twitch http://twitch.tv/smiter1983 #TeamXebon

It doesn't bother (me, in fact). That was just to say. I won't ever create a "women" group. Cause diversity is interesting. And if Fathers have to wait for their children's sleep, I think that's because they care. So I don't throw the stone. 1/2